4 - Mark Ciampa's Blog (Security+ 3e)

    • 5 May 2011

    Don't

    Attackers today try to leverage current events into an attack using social engineering {Chapter 14 Security+ 3ed}. The latest is using the death of Osama Bin Laden to spread malware. Billions of spam messages are being spewed out that have an attachment "Fotos_Osama_Bin_Laden.zip" that claims to have both photographs and video of Osama's last minutes of life. Yet when you launch the Windows executable...
    • 25 Apr 2011

    The Magic Wand

    Suppose that you had the power to wave a magic wand and dramatically change the face of information security (you might be tempted to use that wand for other things, but work with me here). Let’s say that you wanted to stop all (yes, ALL) the attacks targeted at Microsoft’s Internet Explorer (IE) Web browser that were based on known vulnerabilities. And you decided to stop every attack that exploited...
    • 23 Apr 2011

    Password Checkup

    If the password you use for your secure applications like banking does not look like this--WUuAxB2aWBndTf7MfEtm--in terms of both length and complexity, then your password is weak and may be easily defeated. How can you tell? By examining how password recovery programs work. That's what one security researcher did, and it can be used as a quick password checkup to see how strong our passwords really are. Most passwords...
    • 20 Apr 2011

    Attacks on Passwords (From Upcoming Security+ Guide to Network Security Fundamentals 4th Edition)

    The current Security+ exam is scheduled to be replaced by a new exam, SY0-301, in 2011. In order to provide the most current and up-to-date information available, work has already begun on the new Security+ Guide to Network Security Fundamentals 4th Edition textbook. This textbook and its companion material will have several exciting new features. From time to time abbreviated sections of material from the new edition will...
    • 18 Apr 2011

    Unprecedented Botnet Purging

    It's easy to toss around the word "unprecedented" ("without previous instance", "never before known or experienced", "unparalleled") lightly. Yet that's precisely the best term to use in a stunning move by the U.S. Department of Justice (DoJ) and U.S. Federal Bureau of Investigation (FBI) approved by the courts to stop a botnet. The Coreflood botnet has been in...
    • 14 Apr 2011

    Record Microsoft Patch--Again

    There's an old saying in sports that "Records are made to be broken." Evidently Microsoft is following that same philosophy. For this month's Patch Tuesday {Chapter 3 Security+ 3ed} released this week Microsoft made available patches addressing a new record of 64 vulnerabilities in Windows, Internet Explorer (IE), Excel, PowerPoint, and .Net. If you are into numbers, there are a total of 17 updates,...
    • 10 Apr 2011

    Zodiac Island Is Gone

    Quick question: If your entire collection of digital files were this very instant wiped out by a virus or a hard drive crash, do you have a current backup from which you could get everything back? Do you want a real-life incident that shows the value of maintaining current backups? Zodiac Island is a syndicated children's television show that is produced in both the U.S. and abroad. The producers of Zodiac Island...
    • 6 Apr 2011

    More Spear Phishing On the Way

    My e-mail inbox has been filling up the last few days. No, not with new spam (well, maybe it is). It's filling up with e-mail warnings from companies that have my e-mail address on file. They are warning me to expect more spear phishing attacks {Chapter 14 Security+ 3ed} due to the latest security breach. And, it's a big one. Epsilon is a provider of "marketing-email" services for over 2,500 well...
    • 5 Apr 2011

    Car Hacking (From Upcoming Security+ Guide to Network Security Fundamentals 4th Edition)

    The current Security+ exam is scheduled to be replaced by a new exam, SY0-301, in 2011. In order to provide the most current and up-to-date information available, work has already begun on the new Security+ Guide to Network Security Fundamentals 4th Edition textbook. This textbook and its companion material will have several exciting new features. From time to time abbreviated sections of material from the new edition will...
    • 3 Apr 2011

    Cloud Computing (From Upcoming Security+ Guide to Network Security Fundamentals 4th Edition)

    The current Security+ exam is scheduled to be replaced by a new exam, SY0-301, in 2011. In order to provide the most current and up-to-date information available, work has already begun on the new Security+ Guide to Network Security Fundamentals 4th Edition textbook. This textbook and its companion material will have several exciting new features. From time to time abbreviated sections of material from the new edition will...
    • 30 Mar 2011

    Tell Us!

    Security breaches as a result of vulnerabilities in an organization are bad (understatement!) for both the customers who are impacted as well as for the organization. No enterprise likes to have bad publicity about its lack of security shouted from the rooftops, yet coming clean with the truth as quickly as possible is always the best policy (just ask any of the recent politicians who tried to cover up their antics and...
    • 28 Mar 2011

    SQL Injection Attack on MySQL Site

    You would think--you would HOPE--that a vendor who sells structured query language (SQL) software would be the first to lock down their Web application server to protect it from SQL injection attacks {Chapter 3 Security+ 3ed}. Looks like that's not the case. This past weekend (Mar 27 2011) the MySQL.com customer Web site (in case that name sounds familiar to you, MySQL is a leading SQL product now owned by Oracle...
    • 25 Mar 2011

    Apple Patching Pwn2own Problems

    After the embarrassment that Apple suffered by having their Safari 5.0.3 on a fully-patched Mac OS X 10.6.6 compromised in just 5 seconds at the pwn2own contest (see Mar 14 2011 blog posting)--and this was just two days after Apple released a record patch addressing 62 vulnerabilities (see Mar 11 2011 blog posting)--this week they distributed another suite of 56 patches for its Snow Leopard operating system. Four out of...
    • 19 Mar 2011

    Rustock Takedown

    A coordinated--and novel--approach to cutting off botnets {Chapter 2 Security+ 3ed} occurred this week (Mar 16 2011). This may be an indication of a new trend to take down the bad guys. Rustock malware, which is installed when you visit an infected Web site or open an infected e-mail attachment, creates a zombie computer that is then collected into a botnet. This Rustock botnet of about 1 million zombies is infamous...
    • 14 Mar 2011

    pwn2own - And They Did

    Last week the annual pwn2own "hacking competition" was held at the CanSecWest security conference. If a security researcher can "pwn" the browser (make it run arbitrary code) then they "own" the hardware. The owning at pwn2own is literal: the researcher gets to keep the new laptop on which they successfully exploited the vulnerability (and in some instances, they get cash, too). This year...
    • 11 Mar 2011

    Record Apple Patch

    On Wednesday (Mar 9 2011) Apple announced a record patch of 62 vulnerabilities in its Web browser Safari 5. In addition, a security release for its iOS operating system used on iPhones, iPads, and other portable devices was also released that addressed many of the same vulnerabilities. To break down the numbers, 56 of the vulnerabilities were critical (although Apple doesn't use that terminology) and 57 of them could...
    • 7 Mar 2011

    Don't Use Our Software

    It's not often we hear a software vendor say to quit using their software (although some probably should, but that's another story). Yet that's exactly what Microsoft is doing regarding Internet Explorer Version 6 (IE6). Although it's been around for over 10 years, IE6 is still used by 12% of all Internet users worldwide. In fact, in China it's the most popular browser, with over one-third of Chinese...
    • 5 Mar 2011

    MobileSitter (From Upcoming Security+ Guide to Network Security Fundamentals 4th Edition)

    The current Security+ exam is scheduled to be replaced by a new exam, SY0-301, in 2011. In order to provide the most current and up-to-date information available, work has already begun on the new Security+ Guide to Network Security Fundamentals 4th Edition textbook. This textbook and its companion material will have several exciting new features. From time to time abbreviated sections of material from the new edition will...
    • 28 Feb 2011

    Session Hijacking (From Upcoming Security+ Guide to Network Security Fundamentals 4th Edition)

    The current Security+ exam is scheduled to be replaced by a new exam, SY0-301, in 2011. In order to provide the most current and up-to-date information available, work has already begun on the new Security+ Guide to Network Security Fundamentals 4th Edition textbook. This textbook and its companion material will have several exciting new features. From time to time abbreviated sections of material from the new edition will...
    • 24 Feb 2011

    U-Prove Replacing CardSpace

    One of the more interesting authentication models is Microsoft Windows CardSpace {Chapter 8 Security+ 3ed}. CardSpace, known as a "claims-based identity", is designed to provide users with control of their digital identities while helping them to manage privacy. With CardSpace users can create and use "virtual business cards" that contain information that identifies the user. Web sites can then ask...
    • 22 Feb 2011

    Bad Browser Security

    Browsers {Chapter 3 Security+ 3ed} are a prime target for attackers. That's why it's discouraging to read that 80% of Web browsers are vulnerable to attacks. And not just any attacks, but attacks for which a patch is already available. Qualys offers a free BrowserCheck service for users who want to determine if their browser and the accompanying plug-ins are all up-to-date. The software will scan a Windows...
    • 17 Feb 2011

    Personalized Tracking Protection

    Although many users think that "anonymous" and "Web surfing" go pretty much hand-in-hand, that really is not the case. Many Web sites use advertising and tracking features to watch what sites you visit in order to create a profile of your interests. When you visit a site it may create a unique identification number (like BTC081208) that is associated with your browser (they really don't know your...
    • 15 Feb 2011

    Expanded AutoRun Protection

    Take a peek at that computer you're typing on. How many Universal Serial Bus (USB) ports does it have? My latest computer has four ports in the front and an equal amount in the back. And along with that, how many USB flash drives are in that drawer? I've got so many of them, ranging from 256K to 16GB, that I couldn't even begin to count. And the popularity of USB ports and devices has not gone unnoticed by...
    • 11 Feb 2011

    Computer Viruses (From Upcoming Security+ Guide to Network Security Fundamentals 4th Edition)

    The current Security+ exam is scheduled to be replaced by a new exam, SY0-301, in 2011. In order to provide the most current and up-to-date information available, work has already begun on the new Security+ Guide to Network Security Fundamentals 4th Edition textbook. This textbook and its companion material will have several exciting new features. From time to time abbreviated sections of material from the new edition will...
    • 8 Feb 2011

    More Chrome Security News

    Google's Chrome Web browser has been grabbing the headlines lately on several different fronts. First they are betting $20,000 that an attacker cannot break Chrome's security (see Feb 4 2011 blog). Now more news about Chrome is coming out that indicates it may become a significant player in the ongoing browser wars. Net Applications reports that Chrome usage has increased from 5.2% to 10.7%, an increase of...